0 votes
1,148 views 6 comments
by
Hello All,

As above, what is the expected (max) IPsec throughput on a RUT240 unit?

Thanks,

Myky
by
____________

1 Answer

+1 vote
by

Hi,

We've done tests, but only for RUT9XX. The max speed that we got was around 26 Mbit/s. The configuration used was:

IKE version: IKEv1
Mode: Main
Type: Tunnel

Phase 1:

  • Encryption algorithm: AES128
  • Authentication: MD5
  • DH group: MODP768

Phase 2:

  • Encryption algorithm: AES128
  • Authentication: MD5
  • PFS group: NO PFS
Best answer
by
Perfect! Thank you Dziugas
by
Thanks for posting this. Using RUT2_R_00.07.03.4 my results were only around half of the above—around 1.40MB/sec (~12Mbit/s). It's pretty slow.

Would WireGuard be faster?
by
It should; on a RUTX11 I have a factor of two in favor of WireGuard.
by
Thanks. In this case it's a RUT240. Not sure if that 2x would also apply here. I'll see if I can test later.
by
@flebourse In case you (or anyone else) were wondering, I stood up a WireGuard site-to-site tunnel today between a RUT240 running 7.03.4 and a pfSense firewall in a datacenter. The unit had been running an IKEv2 IPsec tunnel previously. I disabled that and built a new WG configuration.

This unit only has a 100Mbit uplink, so not an ideal test of max. throughput, but I can say that the WireGuard tunnel performs very well, about 15% faster throughput, and uses only ~40% CPU where the IPsec was above 93% consistently while saturating the tunnel. So I'm going to stick with WireGuard and see how it goes.